package top.hzy520.security;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.util.AntPathMatcher;
import top.hzy520.common.constants.Constants;
import top.hzy520.user.entity.UserElement;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;

/**
 * @Author: HouZeYu
 * @Description:  预处理权限拦截器
 * @Date: Created in 15:52 2018/7/8
 */
public class TokenAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {
    private AntPathMatcher matcher=new AntPathMatcher();

    private List<String> noneSecurityPath;

    public TokenAuthenticationFilter(List<String> noneSecurityPath) {
         this.noneSecurityPath=noneSecurityPath;
    }
    /**
    *@Author: HouZeYu
    *@Description: 权限认证
    *@Date: 15:33 2018/7/17
    */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        List<GrantedAuthority> grantedAuthorities=new ArrayList<>();
           //给无需权限的路径授权
          if (isNoneSecurity(request.getRequestURI().toString())|| "OPTIONS".equals(request.getMethod())){
                GrantedAuthority grantedAuthority=new SimpleGrantedAuthority(" ROLE_VISITOR");
                grantedAuthorities.add(grantedAuthority);
                return new TokenAuthentication(grantedAuthorities);
            }
         //检查验证token
         String token=request.getHeader(Constants.REQUEST_TOKEN_HEADER);
          if (token != null && !token.trim().isEmpty()){
                 //从springsession中取出user
          UserElement userElement= (UserElement) request.getSession().getAttribute(Constants.REQUEST_TOKEN_HEADER);
          //验证是否是user信息
          if (userElement instanceof UserElement){
              GrantedAuthority grantedAuthority=new SimpleGrantedAuthority(" ROLE_USER");
              grantedAuthorities.add(grantedAuthority);
              return new TokenAuthentication(grantedAuthorities);
           }else {
              //token不正确
             request.setAttribute("header-error",401);
          }
          }else {
             //token不存在
              request.setAttribute("header-error",401);
          }
          //请求头错误随便给个角色
          if (request.getAttribute("header-error")!=null){
              GrantedAuthority grantedAuthority=new SimpleGrantedAuthority(" ROLE_NONE");
              grantedAuthorities.add(grantedAuthority);
          }
        return new TokenAuthentication(grantedAuthorities);
    }
    /**
    *@Author: HouZeYu
    *@Description:  匹配该路径是否需要权限
    *@Date: 15:45 2018/7/17
    */
    private boolean isNoneSecurity(String uri) {
        boolean resutl=false;
        if (this.noneSecurityPath!=null){
              for (String parttern: this.noneSecurityPath){
                  if (matcher.match(parttern,uri)){
                      resutl=true;
                      break;
                  }
              }
        }
        return resutl;
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpServletRequest) {
        return null;
    }
}
